Add disableTransparentTls call

Summary: Similar to AsyncSocket, allow setting reserved sockopt after bind(). This will be recognized by intercepted accept4() call and forked sockets will properly have the TLS flag disabled.

Reviewed By: djwatson

Differential Revision: D4458831

fbshipit-source-id: fa753b9d849bd661563364d36229113f7abb0ee0

diff --git a/folly/io/async/AsyncServerSocket.cpp b/folly/io/async/AsyncServerSocket.cpp
index 6b2b9466ee22aa4d53ef5e9661c0b5b6839c0d46..dc6b4b6c6411050afad320f822f69efd6e5362a0 100644 (file)
--- a/folly/io/async/AsyncServerSocket.cpp
+++ b/folly/io/async/AsyncServerSocket.cpp
@@ -281,6 +281,13 @@ void AsyncServerSocket::useExistingSockets(const std::vector<int>& fds) {
     SocketAddress address;
     address.setFromLocalAddress(fd);
 
+#if __linux__
+    if (noTransparentTls_) {
+      // Ignore return value, errors are ok
+      setsockopt(fd, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0);
+    }
+#endif
+
     setupSocket(fd, address.getFamily());
     sockets_.emplace_back(eventBase_, fd, this, address.getFamily());
     sockets_.back().changeHandlerFD(fd);
@@ -298,6 +305,7 @@ void AsyncServerSocket::bindSocket(
   sockaddr_storage addrStorage;
   address.getAddress(&addrStorage);
   sockaddr* saddr = reinterpret_cast<sockaddr*>(&addrStorage);
+
   if (fsp::bind(fd, saddr, address.getActualSize()) != 0) {
     if (!isExistingSocket) {
       closeNoInt(fd);
@@ -307,6 +315,13 @@ void AsyncServerSocket::bindSocket(
         address.describe());
   }
 
+#if __linux__
+  if (noTransparentTls_) {
+    // Ignore return value, errors are ok
+    setsockopt(fd, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0);
+  }
+#endif
+
   // If we just created this socket, update the EventHandler and set socket_
   if (!isExistingSocket) {
     sockets_.emplace_back(eventBase_, fd, this, address.getFamily());
@@ -413,6 +428,13 @@ void AsyncServerSocket::bind(uint16_t port) {
           SocketAddress::getFamilyNameFrom(res->ai_addr, "<unknown>"));
     }
 
+#if __linux__
+    if (noTransparentTls_) {
+      // Ignore return value, errors are ok
+      setsockopt(s, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0);
+    }
+#endif
+
     SocketAddress address;
     address.setFromLocalAddress(s);
 

diff --git a/folly/io/async/AsyncServerSocket.h b/folly/io/async/AsyncServerSocket.h
index a6b4de6d3f30243904010c1a4d52bbc9b477610a..f509cbc68e14838b320477f0af6800970ffb9739 100644 (file)
--- a/folly/io/async/AsyncServerSocket.h
+++ b/folly/io/async/AsyncServerSocket.h
@@ -38,6 +38,10 @@
 #define SO_REUSEPORT 15
 #endif
 
+#if defined __linux__ && !defined SO_NO_TRANSPARENT_TLS
+#define SO_NO_TRANSPARENT_TLS 200
+#endif
+
 namespace folly {
 
 /**
@@ -678,6 +682,13 @@ class AsyncServerSocket : public DelayedDestruction
     tfoMaxQueueSize_ = maxTFOQueueSize;
   }
 
+  /**
+   * Do not attempt the transparent TLS handshake
+   */
+  void disableTransparentTls() {
+    noTransparentTls_ = true;
+  }
+
   /**
    * Get whether or not the socket is accepting new connections
    */
@@ -857,6 +868,7 @@ class AsyncServerSocket : public DelayedDestruction
   bool reusePortEnabled_{false};
   bool closeOnExec_;
   bool tfo_{false};
+  bool noTransparentTls_{false};
   uint32_t tfoMaxQueueSize_{0};
   ShutdownSocketSet* shutdownSocketSet_;
   ConnectionEventCallback* connectionEventCallback_{nullptr};